70-413 Site Link Bridge Question

compdigit44 used Ask the Experts™
I took the 70-413 upgrade exam and failed with a 670. One of the questions that I was stumped on was like the following:

You need to recommend changes to the Active Directory site topology to support on the company's planned
What should you include in the recommendation?

-Migrate to IPv6 addressing on all of the servers in the Los Angeles office. Some application servers in the Los Angeles office will have only IPv6 addresses

The choices are: new site, subnet or site link bridge... From my research online, site link bridge would appear to be the correct answer.. My question is why?????
Distinguished Expert 2018

Irrespective of your exam question, I will try to explain site link bridges now

If you go to AD Sites and Services, under Inter-Site Transports there are two options
If you right-click on IP and go to its properties, you will find the "Bridge all site links" checkbox selected by default
What this means: all domain controllers in all sites (and in turn in all the site links) can talk to each other irrespective of the member sites in each site link, provided that the required network ports are open between domain controllers in all sites.

Microsoft recommends not to alter this setting unless you have genuine requirements
If you change this setting, your site topology will change drastically

Microsoft Says:
You will need to disable Bridge all site links and complete a site link bridge design if:
• Your IP network is not fully routed. When you disable Bridge all site links, all site links are considered nontransitive, and you can create and configure site link bridge objects to model the actual routing behaviour of your network.
• You need to control the replication flow of the changes made in Active Directory Domain Services (AD DS). By disabling Bridge all site links for the site link IP transport and configuring a site link bridge, the site link bridge becomes the equivalent of a disjointed network. All site links within the site link bridge can route transitively, but they do not route outside of the site link bridge.
What it means: if you disable "Bridge all site links", then all your site links must be part of one or more site link bridges, otherwise inter-site replication will not work for those site links (and in turn for the sites in those site links and the domain controllers in those sites)

For example:
You have 4 sites A, B, C and D
Sites B, C and D (spokes) have direct communication with site A (hub site)
In this case you could have 3 site links A-B, A-C and A-D with the config below

Site-Link  Member-sites
A-B           Site A and B
A-C           Site A and C
A-D           Site A and D

Note that in the above case the "Bridge all site links" checkbox is checked and you have cross-network connectivity between all sites, but you want to replicate between hub and spokes only, as you are making changes in the hub site only
This flow is working fine because the "Bridge all site links" checkbox is checked and site A is common to all site links.
Now if you remove "Bridge all site links", then you must create a new site link bridge and add all of your site links to that bridge
If you drop any site link (e.g. A-B) from the bridge, your site B domain controllers will not be able to replicate to any domain controllers in sites A, C and D
However, site B domain controllers can then still communicate with other domain controllers in the same site, if any.

Note that in the above example site A is the common site
Hence if you disable "Bridge all site links" and create a new site link bridge named AB-AC-AD with all site links (A-B, A-C and A-D) added to it, then even if the site A DC goes down, the site B DC can still replicate with site C or site D domain controllers, provided that network connectivity exists between all sites

However, based on my experience, you are not required to disable "Bridge all site links" no matter how your Active Directory topology is built
because I believe you will have more than one DC in the hub site, and even if one DC out of multiple DCs goes down, the other DCs in the hub site will take care of replication
Also, in order to control replication you can build site links which contain only specific sites, so that replication occurs only between the member sites of a given site link

In reality the verdict is: for inter-site replication to work, either the "Bridge all site links" setting must be enabled, or you have to have site link bridges and all of your sites must be part of one or more site link bridges, otherwise inter-site replication will not work

Hope that helps
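
A read-only way to check the setting and the bridge membership discussed in the answer above, added here as an example and not part of the original post. It assumes the RSAT ActiveDirectory module and read access to the Configuration partition; the report column names are chosen for this example.

```powershell
# Added example: report the "Bridge all site links" state for the IP transport
# and list which site links belong to a site link bridge. Makes no changes.
Import-Module ActiveDirectory

$configNC    = (Get-ADRootDSE).configurationNamingContext
$ipContainer = "CN=IP,CN=Inter-Site Transports,CN=Sites,$configNC"
$ipTransport = Get-ADObject -Identity $ipContainer -Properties options

# Bit 0x2 of "options" (NTDSTRANSPORT_OPT_BRIDGES_REQUIRED) is set when the
# "Bridge all site links" checkbox is cleared. An unset attribute counts as 0.
$bridgesRequired = [bool]([int]$ipTransport.options -band 0x2)

# Site links and site link bridges that live under the IP transport only
$links   = @(Get-ADReplicationSiteLink -Filter * |
             Where-Object { $_.DistinguishedName -like "*,$ipContainer" })
$bridges = @(Get-ADReplicationSiteLinkBridge -Filter * |
             Where-Object { $_.DistinguishedName -like "*,$ipContainer" })

# Distinguished names of every site link included in at least one bridge
$bridged = @($bridges | ForEach-Object { $_.SiteLinksIncluded } | Sort-Object -Unique)

$report = foreach ($link in $links) {
    [pscustomobject]@{
        SiteLink    = $link.Name
        # Show only the site name (first RDN) of each member site DN
        MemberSites = ($link.SitesIncluded |
                       ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join ', '
        Cost        = $link.Cost
        InBridge    = $bridged -contains $link.DistinguishedName
    }
}

"Bridge all site links enabled: {0}" -f (-not $bridgesRequired)
$report | Sort-Object SiteLink | Format-Table -AutoSize

# With automatic bridging off, flag site links that are in no bridge
if ($bridgesRequired) {
    $report | Where-Object { -not $_.InBridge } | ForEach-Object {
        Write-Warning "Site link '$($_.SiteLink)' is in no site link bridge."
    }
}
```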



Mahesh, this is a great explanation!!!!

Here is my reasoning for why "new Site Link" was selected as the correct answer. If the remote site only supports IPv6 and no other site does, the other sites would not know how to deal with this traffic and it would have to be routed to the main site accordingly..

This is on the right track...
Distinguished Expert 2018

In reality for internal networks you don't need IPv6. IPv6 is especially useful because external IP addresses are running out.

The initial deployment of IPv6 will require a tightly coupled use of IPv4 addresses to support the interoperation of IPv6 and IPv4.  Nodes will be able to be deployed with IPv6 addresses, but will still need to communicate with IPv4 nodes that do not have a dual IP layer supporting both IPv4 and IPv6.  This specification defines a mechanism called Assignment of IPv4 Global Addresses to IPv6 Hosts (AIIH), which will assign an IPv6 Host a temporary IPv4 Global Address, which can be used to communicate with a Host that supports IPv4 or IPv4/IPv6. An objective of this specification is to avoid the use of address translation for the deployment of IPv6 in a network.

Check below link for more details

Microsoft recommends a site link bridge if you have a firewall between AD sites
Microsoft does not like third-party network firewalls
Their concept of a fully routed network is "any DC in any site can / should talk to any DC in any site, regardless of the physical connectivity (they assume that you already have full physical connectivity) that exists between those sites"
But obviously this requirement can't be fulfilled with today's advanced networking concepts, as there are company security considerations
I don't know the complete question and scenario; maybe MS is forcing you to select site link bridge as the correct answer because they have declared it as the correct answer

In my opinion a site link bridge is not required in a real-world scenario, since you can control replication with site links and by placing the correct member sites in them.
Also, site link costs and replication schedules are there to give you control when you have redundant links and / or multiple site links



Once again Mahesh, great response.

OK, after some further research here is my understanding of site link bridges.

1) Used to control replication in a non-transitive manner.

In the case of my initial question, site link bridge may be the correct answer since the site used IPv6 and you would want the traffic to flow through a specific route which supports IPv6...

Does this make sense?
Distinguished Expert 2018
Your understanding of site link bridges is perfect

In order to use IPv4 with IPv6 you first require an IPv4 address in addition to IPv6
You must use an IPv6-to-IPv4 transition technology such as 6to4, ISATAP, DNS64, etc.

But a site link bridge will still not help much in the case of IPv6, because first you have to have direct network connectivity between source and destination, and with a site link bridge you are using a common-site architecture

For example: site links A-B, A-C and A-D, in which site A is the common site; if you want to communicate with sites B, C and D, you can have direct connectivity with them via site A
So there is no need to break the default behaviour (bridge all site links) and create an explicit site link bridge
Whether you keep the default behaviour and arrange site link membership, or you create a site link bridge for the respective sites, you cannot communicate with the IPv6 site unless you have direct connectivity between sites and some way to communicate between IPv4 and IPv6, as mentioned in my earlier comment

